What is Double Extortion Ransomware?

One of the most dangerous forms of cyber attacks is ransomware. Any organisation, regardless of size or industry, can be affected by it. WannaCry ransom attacks, for example, paralyzed the British NHS for several days due to a ransom demand.

According to CyberSecurity Ventures, ransomware attacks will cost the global economy $20 billion by 2022. It is estimated that businesses and organizations are attacked by ransomware every 11 seconds.

We’ll answer a few key questions about ransomware in this article to help you avoid its devastating effects.

What is Ransomware?

What Malware Does

The term ransomware refers to malicious software (malware) that encrypts a company's files, databases, and applications and demands a large payment to unlock them.

How Malware Works

In order to install malware, attackers must first gain access to your network. Many ransomware attacks are viruses or trojans that hide in files downloaded from the internet or through an email attachment. 

Targeting Organisations

It is also possible for criminals to target your organization specifically and even gain access to your physical systems to install malware on your network.


By using complex mathematical equations, a ransomware program scrambles your data using asymmetric encryption. The only way to unlock your data is by using these keys.


When it discovers security vulnerabilities in your network, it may spread to other systems or even other organisations. WannaCry did exactly that in the NHS.

The Ransom

In exchange for the private key, the criminals will demand money.

When was the first ransomware attack?

PC Cyborg, formerly known as the AIDS Trojan, was responsible for the first ransomware attack. As part of the United Nations AIDS conference in 1989, Joseph Popp sent out 20,000 floppy disks.

On the host computer’s main drive, the program would hide directories and encrypt files. In order to regain access, Popp demanded $189 be sent to PC Cyborg Corporation via a Panama PO box.

There wasn’t much complexity involved in cracking the AIDS Trojan, as its encryption methods were simple. Nowadays, that’s not the case, as many encryption algorithms can’t be decrypted without the private key.

How much does a ransomware attack cost?

Getting infected with ransomware will make your network inaccessible to all your critical files and applications. It is particularly difficult to recover lost data and repair damaged systems if you do not pay the high ransom fees.

An average ransomware attack costs a UK business $1.96 million (£1.7 million), according to Sophos.

It could be too costly for small and medium businesses to recover from a ransomware attack if they aren’t prepared. Cyber attacks cause 60% of SMBs to go out of business within six months.

Who carries out ransomware attacks?

The majority of ransomware attacks are conducted by organised groups known as ransomware gangs, which are different from other forms of cyber attacks. To facilitate these attacks, a considerable amount of infrastructure is required, from distributing malware to accepting payments and sending private keys.

These organizations enable cybercriminals to attack larger targets and raise more ransom funds than they could independently.

For example, Hive is one of the most notorious ransomware gangs in operation. By pooling their resources, they were able to target high-profile targets such as the Costa Rican Social Security Fund and even the Ohio Memorial Health System.

What type of business are most likely to be a victim of a ransomware attack?

The unfortunate reality is that any business can be targeted by ransomware. However, criminals do tend to focus their efforts on key industries.

Trellix found that the most common industry targetted is banking & finance (22%).

This is followed by:

In these sectors, a loss of productivity and data can be particularly damaging, since they are critical infrastructure.

However, firms in any industry should be protecting themselves from ransomware attacks. 

Learn about the history of Cybersecurity in under 3 minutes by Dunedin IT Director Jamie Clague.

Jamie Clague, Dunedin IT Director

What is double extortion ransomware?

Double extortion ransomware attacks involve stealing and exfiltrating a victim’s data as well as encrypting it. By doing this, the attack has more leverage to demand a successful ransom payment.

The goal is to find sensitive information that would be costly to leak. Information that might embarrass or harm a victim’s reputation can be included in personal attacks.

In businesses, this data could be trade secrets, customer records, and employee information. This stolen information can also be sold to third parties or published on dark web forums by attackers.

If I’m attacked, should I pay a ransom?

Ransom payments are strongly discouraged by security organizations such as the NCSC and the FBI. Why? Paying the ransom fee won’t guarantee that your files will be unlocked.

You may even be asked for more money if your organization appears to be willing to pay. These ransom sums may also be used to fund other criminal activities such as targeting other firms or funding other aspects of organised crime.

Instead, invest in securing your critical infrastructure from cyberattacks.

How do I prevent a ransomware attack?

To avoid a ransomware attack and mitigate the effects of a successful infection, follow these steps:

1. Regularly back up your organisation’s data:

Restoring data from an off-site backup is the easiest way to recover it. Our recommendation is to automate the backup process - incremental backup regimes may prove to be effective in this regard. A backup location shouldn't be permanently connected to your network, as it could also be encrypted during an attack.

2. Keep multiple backups of critical files and applications:

Ensure your critical files are stored in multiple locations and don't rely on one backup medium. Consider using multiple cloud storage servers, for example.

3. Close any security vulnerabilities by installing filters and antivirus software:

Secure your system by plugging the security vectors that attackers may use. Detecting ransomware as soon as it downloads from the Internet can be done with a strong antivirus program which periodically scans downloads.

4. Educate your employees on cyber security best practices:

In order to exploit insider negligence, attackers use social engineering. Providing your employees with cybersecurity training can help them identify suspicious files and prepare them for attacks.

Business Continuity

In order to avoid costly data loss and productivity loss, a detailed response and continuity strategy is essential.


In the event of an attack, what is the best course of action and first response?


What is your security team's plan for removing the virus?


When restoring files from off-site backups, what steps must be taken?


Who is responsible for implementing this strategy?

What should I do if I’m a victim of a ransomware attack?

The best way to avoid costly loss of data and productivity is to have a detailed response and continuity strategy in place.

What actions and first response needs to be done when an attack happens? How will your security team remove the virus from your network? What is the process for restoring files from off-site backups? Who’s responsible for actioning this strategy? 

As soon as you detect a ransomware attack, you should: 

Businesses of all sizes are susceptible to ransomware attacks, if they are unprepared. When you take the necessary precautions, responding to these attacks can be much easier and cheaper.

The key to achieving this is to have a cyber security strategy that is smart and adaptable. Do you need assistance finding storage solutions and configuring backups? Do you need a watertight anti-virus and email filter? Need assistance in responding to a cyber attack quickly? 

Get in touch with our cyber security experts today to find out how we can help!

* indicates required